Vulnerabilities > Cisco > Identity Services Engine Software > 2.3.0.298

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2019-15282 Missing Authentication for Critical Function vulnerability in Cisco Identity Services Engine Software
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device.
network
low complexity
cisco CWE-306
5.3
5.3
2019-10-16 CVE-2019-15281 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
4.8
4.8
2018-06-07 CVE-2018-0339 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.3(0.298)/2.4(0.126)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.
network
low complexity
cisco CWE-79
6.1
6.1
2018-05-17 CVE-2018-0289 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.3(0.298)/2.4(0.223)
A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.
network
low complexity
cisco CWE-79
6.1
6.1